https://github.com/degree9/covenant
Access Control and Data Validation for Clojure(Script) written in Clojure Spec.
https://github.com/degree9/covenant
abac access-control acl clojure clojurescript covenant data-validation rbac
Last synced: 5 months ago
JSON representation
Access Control and Data Validation for Clojure(Script) written in Clojure Spec.
- Host: GitHub
- URL: https://github.com/degree9/covenant
- Owner: degree9
- License: mit
- Created: 2017-12-20T05:49:11.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-11-10T06:17:05.000Z (over 6 years ago)
- Last Synced: 2024-04-09T16:57:45.998Z (about 1 year ago)
- Topics: abac, access-control, acl, clojure, clojurescript, covenant, data-validation, rbac
- Language: Clojure
- Homepage:
- Size: 54.7 KB
- Stars: 7
- Watchers: 2
- Forks: 2
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Covenant
[](https://clojars.org/degree9/covenant)
[](https://versions.deps.co/degree9/covenant)
[](https://versions.deps.co/degree9/covenant)
[](https://circleci.com/gh/degree9/covenant/tree/master)
Access Control and Data Validation for Clojure(Script) written in Clojure Spec.
> A covenant, is a solemn promise to engage in or refrain from a specified action. - [Wikipedia](https://en.wikipedia.org/wiki/Covenant_(law))
---
Covenant is developed and maintained by Degree9
---
Covenant is divided into a few namespaces:
- `covenant.core` ICovenant protocol and public api.
- `covenant.schema` type/value based data comparison on top of clojure.spec.
- `covenant.acl` provides covenants around Access Control List's (ACL).
- `covenant.rbac` provides covenants around Role Based Access Control (RBAC).
- `covenant.abac` provides covenants around Attribute Based Access Control (ABAC).
## Usage ##
### `ICovenant` Protocol
Covenant exposes a protocol that closely matches cljs native spec.
```clojure
(defprotocol ICovenant
"Provides an abstraction for validating data using clojure.spec based on a covenant."
(assert [covenant data] "See clojure.spec/assert.")
(conform [covenant data] "See clojure.spec/conform.")
(explain [covenant data] "See clojure.spec/explain.")
(problems [covenant data] "See clojure.spec/explain-data.")
(validate [covenant data] "See clojure.spec/valid?.")
(spec [covenant] "Returns related spec for `covenant`."))
```
The `spec` function will return a spec based on the passed data.
A simple example is that `(covenant.core/spec nil)` will return
`:covenant.core/nil` which is preregistered with spec as
`(clojure.spec.alpha/def :covenant.core/nil nil?)`.
Scalar primitives simply return a spec/predicate based on their data type while
collections also compare their contents.
### RBAC
`covenant.rbac` provides validation fns that are "loose" for collections.
If some values in the passed collection (deep) matches the passed covenant then
`covenant.core/validate` returns `true` after `covenant.rbac` has been required.
```clojure
(require 'covenant.rbac)
(covenant.core/validate {:roles [:admin :editor]} {:roles [:admin]}) ; true
(covenant.core/validate {:roles [:admin :editor]} {:roles [:admin :editor]}) ; true
(covenant.core/validate {:roles [:admin :editor]} {:roles [:editor]}) ; true
(covenant.core/validate {:roles [:admin :editor]} {:roles []}) ; false
(covenant.core/validate {:roles [:admin :editor]} {:roles [:foo]}) ; false
```
### Examples
`(:require covenant.core :as covenant)`
For more examples check out the test suite.
A vanilla spec + scalar primitive will pass `covenant/explain`.
```clojure
(covenant/explain :covenant.core/number 1)
; =>
;Success!
```
---
Support this and other open-source projects on Patreon!
---